Most people sharing photos online are unaware of how much information their files carry. EXIF data is invisible to the viewer but readable by anyone with basic tools — platforms, apps, search engines, and AI systems that process image metadata.
What EXIF data contains
The EXIF standard was introduced in 1995 and is maintained by JEITA (Japan Electronics and Information Technology Industries Association). It organises metadata into several categories:
Location data
The GPS fields in EXIF store the latitude, longitude, altitude, and direction the camera was pointing when the photo was taken. On a smartphone with location services enabled, this data is recorded to several decimal places of precision — enough to identify a specific room in a building. EXIF tag 0x8825 holds the GPS Info IFD, which contains GPS latitude (tag 0x0002), GPS longitude (tag 0x0004), GPS altitude (tag 0x0006), and timestamp (tag 0x0007).
Camera and device information
Camera make and model (tags 0x010F and 0x0110), lens model (tag 0xA434), firmware version (tag 0x0131), and in some cases a unique camera body serial number. Combined, these fields create a device fingerprint that can be used to link photos taken by the same device across different uploads.
Timestamps
Three timestamp fields are commonly present: DateTimeOriginal (when the shutter was pressed), DateTimeDigitized (when the file was created), and DateTime (when the file was last modified). These are stored in local time without a timezone offset by default, though GPSTimeStamp stores UTC time when GPS is available.
Shooting settings
Exposure time, aperture (F-number), ISO speed, focal length, white balance, flash status, and metering mode. For professional photographers, these are useful for post-processing reference. For privacy, they reveal the type of equipment used and shooting conditions.
Software and editing history
The Software tag (0x0131) records the application that last modified the file — which may include Lightroom, Photoshop, or specific AI-enhanced editing tools. This is a common trigger for platform AI-labeling systems when the software name indicates generative tools were used.
Quick reference: key EXIF fields
| Tag (hex) | Field name | Category | Privacy risk |
|---|---|---|---|
| 0x8825 | GPS Info IFD | Location | Critical — root container for all GPS data |
| 0x0002 | GPS Latitude | Location | Critical — precise latitude coordinate |
| 0x0004 | GPS Longitude | Location | Critical — precise longitude coordinate |
| 0x0006 | GPS Altitude | Location | High — altitude above sea level |
| 0x0007 | GPS Timestamp | Location | High — UTC time of capture |
| 0x9003 | DateTimeOriginal | Timestamp | High — exact capture time in local time |
| 0x010F | Make | Device | Medium — camera manufacturer (e.g. Apple, Nikon) |
| 0x0110 | Model | Device | Medium — camera or phone model |
| 0xA434 | LensModel | Device | Low — specific lens fitted |
| 0x0131 | Software | Software | High — app that last saved the file; triggers AI labels |
EXIF vs XMP vs IPTC
Digital image files often carry multiple metadata standards simultaneously:
- EXIF — Camera capture data. Stored in the JPEG header or a separate IFD block in RAW files. The oldest and most widely supported standard.
- IPTC — Editorial and rights metadata. Originally developed for news wire services. Stores author, copyright, caption, keywords, and usage rights.
- XMP — Adobe's Extensible Metadata Platform. An XML-based standard that can carry EXIF and IPTC data plus custom fields. AI content credentials (C2PA) are typically embedded in the XMP stream.
All three can coexist in a single JPEG file. A photo exported from Lightroom may carry EXIF capture data, IPTC copyright fields, and XMP AI generation markers at the same time.
Why EXIF data matters for privacy
The combination of fields is the problem, not any single tag. GPS coordinates alone identify a location. GPS plus timestamp plus camera serial number ties a specific person to a specific place at a specific time. Add lens model and firmware version and the device fingerprint becomes highly specific.
Common privacy risks from shared EXIF data:
- Home address exposure. A photo taken at home and shared on social media embeds the exact GPS coordinates of the home in the file.
- Movement tracking. A series of photos shared publicly can reveal daily routes, regular locations, and travel patterns through their GPS timestamps.
- Equipment identification. Camera serial numbers can link an anonymous account to a known photographer. Lens and firmware data can narrow identification further.
- AI labeling triggers. Software tags and XMP fields written by AI tools cause platforms including Instagram, Facebook, Pinterest, and TikTok to apply AI-generated content labels, sometimes incorrectly.
How platforms handle EXIF data
Platform behaviour is inconsistent. Instagram and Facebook strip GPS coordinates on upload, but may preserve other EXIF fields. WhatsApp strips most EXIF when sharing via the app, but sending as a document preserves it. Email sends the full file with all metadata intact by default. Airdrop and direct file sharing preserve everything.
The only reliable approach is removing metadata before sharing, rather than relying on a platform to strip it on your behalf.
How to view EXIF data
On a Mac, you can view basic EXIF data in Preview by opening an image and choosing Tools → Show Inspector. The command-line tool ExifTool reads all fields. On iPhone, the Photos app shows location and date in the information panel but does not expose camera or software fields.
PrivyClean shows EXIF data grouped by category — location, camera, device, timestamps, software — and flags fields that are commonly problematic before you decide what to remove.
How to remove EXIF data
Removal options range from built-in platform tools to dedicated apps:
- iPhone: The Share sheet includes a "Remove Location" option when sharing photos, but it only removes GPS fields, not other EXIF or XMP data.
- Mac Preview: Does not remove metadata. It can read some EXIF fields but has no cleaning workflow.
- ExifTool (command line): Removes all metadata from any file type. Powerful but requires terminal usage.
- PrivyClean: Removes EXIF, XMP, and IPTC fields from photos, plus metadata from PDFs and documents, with a preview before export. 100% offline — no file upload required.
